Don't Fall For Phishing
Cybercriminals are using phishing scams to steal from Australian businesses; learn how to protect yourself.
Did you know you can have the best spam filters, robust antivirus, and the fieriest firewall in place and still fall prey to cybercriminals, specifically to phishing scams? Don’t panic, citizens of the internet! StormWarden is here to rescue you from evildoers with some free advice on phishing scams: how to spot them and how to prevent them from damaging your business.
What is a phishing scam?
It’s when a criminal uses deceptive email tactics to attack internet users. While an individual can be subject to an attack, some phishing scams will specifically be aimed at attacking businesses.
How do they work?
By appearing to be sent from legitimate, trusted sources, these scams rely on fooling users into taking a certain action; which action depends on the kind of phishing scam.
Isn’t it easy to tell they are scam emails?
Not always. Some emails may look the same as legitimate correspondence. One common example is a scam in which PayPal appears to be informing you of a problem with your account. It carries the PayPal branding and a link asking you to log in to rectify the problem. When you click the link and log in, the scammers can steal your PayPal username and password.
More advanced phishing scams won’t just look the part; they’ll use personal information to make themselves seem even more convincing. They might address you by name or use other information about you to trick you into thinking they are legitimate.
Another clever form of trickery is to impersonate a CEO or other executive in the company and email employees asking for funds to be sent or for other confidential information to be shared.
Are there any common tools these scammers use?
The email might ask you to open an attachment such as an image, PDF, or Word document. When you open the attachment, it may install malware or ransomware on your system.
Another scam involves getting you to click a link to a fraudulent website which may then install malware or ransomware on your system or steal data such as usernames and passwords.
Why would someone want to steal my data?
Your data is worth a lot of money on the black market. Scammers will often sell data to the highest bidder on the dark web. Your data can be stolen and sold without you even knowing it.
In the case of ransomware, your data can be used to blackmail you into paying the scammers to get your files back from them. If a scammer has stolen business-critical data from you and you don’t have a backup copy saved elsewhere, you could be in big trouble. Check out our resource on Office 365 Backups.
Can’t my spam filter stop them?
Your spam filter is a good start, as it will detect and weed out many scam emails; however, some phishing emails will still slip through the cracks.
How do I avoid phishing scams?
Be aware of the sorts of scams people operate, and train yourself and your team to recognise a fraudulent email. Also, keep one another up to date whenever any of you receives a phishing email, so the other members of the team know to stay vigilant.
How do I spot a scam email?
- There are unexpected attachments, or you’re getting attachments from a business you don’t normally engage with or from an untrusted source.
- The sender’s email address is close to, but not quite, the right one. Or the email isn’t addressed to you: an address similar to yours, but not yours, is in the ‘to’ field.
- Poor spelling and grammar can be a big giveaway.
- The business branding or logo doesn’t look quite right.
- The email is asking you to do something out of the ordinary, like transferring funds to your boss or verifying an account you’ve already verified.
- It’s semi-threatening, for example telling you your Apple ID will be suspended if you don’t click a link and enter your email and password right away.
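The checklist above can be turned into a simple triage script that a mailbox rule or a help desk could run over a suspicious message before anyone clicks anything. This is an added example, not part of the original article: the business mailbox, the set of trusted domains, the pressure phrases and the two sample messages are all constructed for the demo. It covers the lookalike address, wrong ‘to’ field, unexpected attachment and unusual or threatening request checks; spelling and logo checks need a human eye.

```python
import re
from difflib import SequenceMatcher
from email.utils import parseaddr

# Hypothetical business mailbox and the domains it normally deals with.
MY_ADDRESS = "accounts@example.com.au"
KNOWN_DOMAINS = {"paypal.com", "example.com.au"}
# Requests the checklist calls out of the ordinary or semi-threatening.
PRESSURE = re.compile(
    r"\b(transfer (the )?funds|gift cards?|will be suspended|right away|"
    r"immediately|verify your account|enter your (email|password))\b", re.I)

def lookalike(domain, known):
    """Return the known domain this one imitates (close but not equal), else None."""
    for k in known:
        if domain != k and SequenceMatcher(None, domain, k).ratio() >= 0.8:
            return k
    return None

def red_flags(msg, my_address=MY_ADDRESS, known=KNOWN_DOMAINS):
    """Check one message (dict of headers plus attachment names) against the list."""
    flags = []
    _, sender = parseaddr(msg["from"])
    domain = sender.rsplit("@", 1)[-1].lower()
    if domain not in known:
        like = lookalike(domain, known)
        if like:
            flags.append(f"sender domain {domain} looks like {like} but is not it")
        if msg.get("attachments"):
            flags.append("attachment from a domain we do not normally deal with")
    _, to = parseaddr(msg["to"])
    if to.lower() != my_address.lower():
        flags.append(f"addressed to {to}, not to {my_address}")
    hit = PRESSURE.search(msg.get("subject", "") + " " + msg.get("body", ""))
    if hit:
        flags.append(f"unusual or threatening request: '{hit.group(0)}'")
    return flags

# Constructed sample messages for the demo; neither is real mail.
SUSPICIOUS = {"from": "PayPal <service@paypa1.com>", "to": "account@example.com.au",
              "subject": "Action required", "attachments": ["invoice.zip"],
              "body": "Your account will be suspended unless you log in right away."}
LEGIT = {"from": "Supplier <billing@example.com.au>", "to": "accounts@example.com.au",
         "subject": "March statement", "attachments": ["statement.pdf"],
         "body": "Attached is your statement for March."}

if __name__ == "__main__":
    for m in (SUSPICIOUS, LEGIT):
        print(m["subject"], "->", red_flags(m) or ["no flags"])
```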
What else can I do to protect myself from phishing?
When in doubt, have an IT professional check suspicious emails for you. Follow up through trusted methods: get in touch with a company directly by going to its website without clicking the link in the email, e.g. visit PayPal and log in to your account directly to see if there really is a need to update your information, and call the boss to confirm they really want funds transferred. Regularly back up your business data, so if you fall prey to ransomware you have a secure copy of your files. Make sure everyone on your team receives thorough, ongoing training in phishing and recognising scams. Finally, remember: if something seems too good to be true, it’s probably a scam. If something seems fishy, it’s probably phishing.